Troj/Stinx-R is a backdoor Trojan for the Windows platform.
The Trojan connects to an IRC server and joins a predetermined channel. The Trojan then accepts commands from remote attackers.
When first run, Troj/Stinx-R copies itself to <System>\csrnvrt.exe and creates two randomly named BAT files in the Temp folder. One of these files is used to attempt to bypass the Windows firewall. The other is used to delete the original copy of the Trojan.
The following registry entries are created to run csrnvrt.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    DriverModule = csrnvrt.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DriverModule = csrnvrt.exe
The Trojan may also download further malicious code.
Troj/Stinx-R attempts to terminate a number of processes, including some belonging to anti-virus applications.
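The Run entries listed above can be checked for in collected `reg query` output. The following triage script is an added example, not part of the original description; it goes slightly beyond the listed entries by also flagging csrnvrt.exe under a different value name, and the sample output and the `Updater` value are constructed for illustration.

```python
import ntpath
import re

# Indicators from the description above, compared case-insensitively.
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
VALUE_NAME = "drivermodule"
IMAGE_NAME = "csrnvrt.exe"
# `reg query` prints "    <name>    <type>    <data>" under each key line.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    DriverModule    REG_SZ    csrnvrt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    C:\WINDOWS\system32\CSRNVRT.EXE
"""

def image_name(data):
    """Return the lower-cased file name of the program a Run value starts."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]   # quoted path, arguments follow
    else:
        path = data.split(" ", 1)[0]       # unquoted: stop at the first space
    return ntpath.basename(path).lower()

def find_run_key_indicators(reg_query_output):
    """Return (key, value name, data, reasons) for each matching Run value."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = VALUE_LINE.match(line)
        if not m or key not in RUN_KEYS:
            continue
        name, _, data = m.groups()
        checks = (("value name", name.lower() == VALUE_NAME),
                  ("image name", image_name(data) == IMAGE_NAME))
        reasons = [label for label, matched in checks if matched]
        if reasons:
            hits.append((key, name, data, reasons))
    return hits
```

On a live host, the input is the text printed by `reg query` for each of the two Run keys.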